Mower County officials have confirmed that hackers stole HIPAA-protected information in a ransomware attack that struck the county’s computer network on June 18, 2025. The breach involved data connected to individuals who have received services from the County Health and Human Services Department.
The county reported that ransomware was detected in the early morning hours of June 18 and that federal law enforcement and cybersecurity consultants were immediately engaged to secure the network and investigate the incident. While most county systems have since been restored, officials have verified that cybercriminals acquired certain data during the attack. The full extent of the data exposure and the number of people affected remain under review.
According to County Administrator Matthew Verdick, investigators are conducting a detailed analysis of the stolen files to determine what types of information were involved, which individuals were impacted, and where they reside so that written notification can be issued. Although the investigation is ongoing, the county has reported the incident to the U.S. Department of Health and Human Services’ Office for Civil Rights with a placeholder figure of at least 501 affected individuals, as required by federal breach reporting guidelines.
To keep residents informed, the county has posted an online notice about the incident at www.co.mower.mn.us
. Once the investigation concludes, individual notification letters will be mailed, and complimentary credit monitoring and identity theft protection services will be offered to those affected.
In the meantime, anyone who has previously received services from the Health and Human Services Department is advised to remain vigilant against identity theft by reviewing account statements, Explanation of Benefits forms, and free credit reports for any unusual or unauthorized activity.
